
12
The DHIG governance committee and process reduces risk for both individual
projects and for the broader organization, improving the likelihood success by
ensuring proper approvals and best practices are followed.
COPYRIGHT NOTIC E
Brigham & Women ’s Hospital. Rights Re served. This work is distributed under th e Creative Commons Attribution-NonComm ercial-ShareAlike 4.0
License (“License ”), which permits unr estricted sharing of th is work, provided tha t: (1) it may not be u sed for commercial p urposes; (2) Adapted
Material may be pre pared and shall be m ade freely available u nder identical terms and conditions of the License; and (3) attri bution must be given
to Brigham & Wom en’s Hospital.
All terms and cond itions of the License ar e available here:
https://creativecom mons.org/licenses/ by-nc-sa/4.0/legalcode
*Listed assets m ay be available up on request. Plea se contact us at b whihub.org or em ail ihub@partners.org for more inf ormation.
Rev 1.4 – May 15, 2 017
Digital Health Innovation Guide (DHIG) Checklist
Business Associate Agreement
(BAA)
Agreement between the vendor and
subcontractors who will be performing a
service on behalf of the institution and will
have access to patient health information
(protected health information or “PHI”).
Brigham and Women’s Hospital
(BWH) standard BAA template*
Agreement between innovator and vendor
as to pilot scope. Used for contracting
purposes and must be signed off by supply
chain for a PO to be issued. Substantial
modifications or enhancements to develop
should consider a new SOW.
Partners HealthCare System
(PHS) standard SOW template*
Support for Product During
Pilot
It is the application owner's responsibility
to provide application support for all users.
Discuss with your client how you will
manage issues and turnaround time.
Terms and Conditions (T&C)
Review
T&C for patients and other users must be
approved by client's legal.
Marketing
& Public
Affairs
Reference Hospital in
Marketing/PR
Approval for any planned project PR must
be discussed with hospital in advance.
There can be limits on how to incorporate
hospital in marketing/PR.
Research or Quality
Improvement (QI) Submission
Pilots need to determine if an IRB review is
required for research purposes or if the
proposed activity is clinical quality
improvement/measurement, in which case
IRB review is not required. If a pilot is
research, then the IRB approval must be
complete prior to launch. This should also
be included in the SOW.
Clinical Quality Improvement
checklist*
Security review of the app to ensure that it
will be safe within hospital environment.
This is also where HIPAA compliance is
addressed.
BWH IS standard vendor
cybersecurity risk assessment
form*
A subcomponent of the risk assessment:
May include Veracode and Qualys scans,
depending on product design.
CHECKLIST-DRIVEN PROCESS
Pre-approved/customizable guardrails and
regular check-ins keep projects on track
CROSS-FUNCTIONAL GUIDANCE
Information Security, Partners eCare,
Compliance, IRB, Partners Innovation and
other teams
PROJECTS REVIEWED
100+
AVERAGE TIME FROM INTAKE TO
PILOT
FOR PROJECTS WHICH
ULTIMATELY EXECUTED A PILOT
9
MONTHS
IMPACT TO DATE
Digital Health Innovation Guide (DHIG)